[FEAT] Optional warning: password not changed for longer

[WebworkrNet]

Other password managers indicate when a password has no longer been changed. I would advocate such a function as an optional function. I would activate it by default.

IF last change in the password field is older than X months, THEN issue a warning.

In my opinion, X should be selectable from several pre-assigned values, which could be linked to the on/off switch.

Output of a warning:

• As a PUSH message
• In a special list in the app (because PUSH messages are volatile)
• In the affected entry itself

[PhilippC]

this assumes that your password could have been stolen, right? is there any other reason why one wants to change a password?

[WebworkrNet]

this assumes that your password could have been stolen, right?

That is currently the only reason.

[nix365]

https://pages.nist.gov/800-63-4/sp800-63b/authenticators/#passwordver
3.1.1.2 - 6
"Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator"
As far as I'm informed you should not change your password periodically, because it does not provide further security.

[PhilippC]

I agree. I don't want to support this weird idea of changing passwords periodically and thus won't implement this.